US10757092B2ActiveUtilityA1

Controlling access to personal data

71
Assignee: AMAZON TECH INCPriority: Jun 10, 2016Filed: May 15, 2018Granted: Aug 25, 2020
Est. expiryJun 10, 2036(~9.9 yrs left)· nominal 20-yr term from priority
Inventors:Anurag Sharma
H04L 63/10G06F 21/6245H04L 63/0815G06F 16/9535H04L 63/083G06F 3/0481
71
PatentIndex Score
1
Cited by
12
References
20
Claims

Abstract

Disclosed are various embodiments for controlling access to personal data of a user. Content can be requested from a network site using an authentication token. A determination can be made that the network site requires personal data. A portion of the personal data can be received from a personal data service. The personal data can be sent to the network site. The network site can send content including the personal data. The content can be rendered for presentation.

Claims

exact text as granted — not AI-modified
Therefore, the following is claimed: 
     
       1. A system, comprising:
 a client computing device; and 
 at least one application executable in the client computing device, wherein when executed the at least one application causes the client computing device to at least:
 receive an authentication token from a federated identity provider; 
 request content from a network site using the authentication token; 
 receive a response from the network site indicating that personal data is required to provide the content; 
 generate a user interface requesting user consent to transmit the personal data; 
 receive the user consent via the user interface; 
 receive at least a portion of the personal data from a personal data service, 
 
 wherein the user consent is received prior to receiving the personal data from the personal data service;
 send the personal data to the network site; 
 receive the content including the personal data from the network site; and 
 render the content for presentation. 
 
 
     
     
       2. The system of  claim 1 , wherein when executed the at least one application causes the client computing device to at least:
 receive a security credential from a user; and 
 authenticate the security credential with the federated identity provider, wherein the authentication token is received in response to authenticating the security credential. 
 
     
     
       3. The system of  claim 1 , wherein the personal data service is executed by the client computing device. 
     
     
       4. The system of  claim 1 , wherein the personal data service is executed by a different computing device. 
     
     
       5. The system of  claim 1 , wherein the user interface comprises a first user interface, and when executed the at least one application causes the client computing device to at least:
 determine that another portion of the personal data is unavailable; and 
 render a second user interface requesting the other portion of the personal data. 
 
     
     
       6. The system of  claim 5 , wherein when executed the at least one application causes the client computing device to at least store the other portion of the personal data received via the second user interface in the personal data service. 
     
     
       7. The system of  claim 1 , wherein the user interface comprises a first user interface, and when executed the at least one application further causes the client computing device to at least:
 generate a second user interface requesting consent to transmit additional personal data; 
 receive a denial of consent via the second user interface; and 
 limit at least one feature of the content based at least in part on the denial of consent. 
 
     
     
       8. A system, comprising:
 a client computing device; and 
 at least one application executable in the client computing device, wherein when executed the at least one application causes the client computing device to at least:
 request content from a network site using an authentication token from an identity provider; 
 determine that the network site requires personal data based at least in part on a response from the network site to the request for the content; 
 request at least a portion of the personal data from a personal data service; 
 send the personal data to the network site; 
 generate a user interface requesting consent to transmit additional personal data; 
 receive a denial of consent via the user interface; 
 receive the content including the personal data from the network site; 
 limit at least one feature of the content based at least in part on the denial of consent; and render the content for presentation. 
 
 
     
     
       9. The system of  claim 8 , wherein when executed the at least one application causes the client computing device to at least:
 receive a security credential from a user; 
 authenticate the security credential with the identity provider; and 
 receive the authentication token from a federated identity provider based at least in part on the security credential. 
 
     
     
       10. The system of  claim 8 , wherein when executed the at least one application causes the client computing device to at least record a log entry that the personal data was sent to the network site. 
     
     
       11. The system of  claim 8 , wherein when executed the at least one application causes the client computing device to at least:
 generate an audio announcement via an audio device requesting user consent; and 
 receive a verbal user consent. 
 
     
     
       12. The system of  claim 11 , wherein the audio device is a networked audio device. 
     
     
       13. The system of  claim 8 , wherein when executed the at least one application further causes the client computing device to at least perform a discovery function in order to locate the personal data service. 
     
     
       14. A method, comprising:
 receiving, via a client computing device, an authentication token from an identity provider; 
 requesting, via the client computing device, content from a network site using the authentication token; 
 receiving, via the client computing device, a response from the network site indicating that personal data is required to provide the content; 
 generating, via the client computing device, a request for user consent to transmit the personal data; 
 receiving, via the client computing device, the user consent prior to requesting the personal data from the personal data service; 
 requesting, via the client computing device, a portion of the personal data from a personal data service; 
 sending, via the client computing device, the personal data to the network site; 
 receiving, via the client computing device, the content including the personal data from the network site; and 
 rendering, via the client computing device, the content for presentation. 
 
     
     
       15. The method of  claim 14 , further comprising limiting, via the client computing device, access to the personal data by denying access to network addresses not on a whitelist of approved network addresses. 
     
     
       16. The method of  claim 14 , further comprising:
 determining, via the client computing device, that another portion of the personal data is unavailable; and 
 rendering, via the client computing device, a user interface requesting the other portion of the personal data. 
 
     
     
       17. The method of  claim 16 , further comprising storing, via the client computing device, the other portion of the personal data received via the user interface in the personal data service. 
     
     
       18. The method of  claim 14 , further comprising performing, via the client computing device, a discovery function in order to locate the personal data service. 
     
     
       19. The method of  claim 14 , wherein the request for user consent comprises an audio announcement via an audio device requesting the user consent. 
     
     
       20. The method of  claim 14 , further comprising:
 generating, via the client computing device, a user interface requesting consent to transmit additional personal data; 
 receiving, via the client computing device, a denial of consent via the user interface; and 
 limiting, via the client computing device, at least one feature of the content based at least in part on the denial of consent.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.